apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "gemini.fullname" . }}-controller
  labels:
    app: gemini
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gemini
  template:
    metadata:
      labels:
        app: gemini
    spec:
      {{- if .Values.rbac.create }}
      serviceAccountName: {{ include "gemini.fullname" . }}-controller
      {{- else }}
      serviceAccountName: {{ .Values.rbac.serviceAccountName }}
      {{- end }}
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      containers:
      - command:
        - gemini
        {{- with .Values.verbosity }}
        - -v
        - {{ . | quote }}
        {{- end }}
        image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
        imagePullPolicy: '{{.Values.image.pullPolicy}}'
        name: gemini-controller
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL